Get Permission To Use That WiFi Hotspot, Or You Are Committing A Felony

By consumeristcareyJune 2, 2007

Michigan charged Sam Peterson II with a felony for accessing a coffee-shop’s WiFi network from his car over several weeks. The police visited Sam’s car after a barber next to the coffee-shop mistook Sam for a stalker.

The police didn’t know what to do, so they referred the case to the local prosecutor. The prosecutor’s office decided to charge Sam with fraudulently accessing a computer network, a felony punishable by up to five years in the slammer. Sam’s lawyers had never heard of the 1979 statute, but they advised him to take a plea bargain that allowed him to stay out of jail after paying a $400 fine and performing 40 hours of community service.

To avoid Sam’s fate, Michigan residents must get explicit permission to use a hotspot from its owner, or see a pop-up screen declaring that the hotspot is open to the public. To further reduce the chance of getting slapped with a felony charge for using a business’ WiFi connection, go in and buy something. — CAREY GREENBERG-BERGER

Comments

Edit Your Comment

If you don’t want people using your Wifi, password protect it… Quick & simple. There’s plenty of programs & systems out there to handle Wifi hotspots if you want to limit it solely to paying customers.

In the Michigan case, I do think the guy was overstaying his welcome but the shop owner should have approached him before doing anything further. Still, if you leave something out in the open, don’t be surprised when people (ab)use it.

I honestly would sue the cafe for allowing me to access internet in a area I wasn’t supposed to be able to access it, plus emotional trauma caused. I would sue the barber for the lawyer fees and try to have him tried for filing a false police report.

That is true no more than not locking your car door is implicitly granting access to your car.
A bit of a straw-man argument I know, but it wouldn’t stand up to scrutiny to say no locks imply public access.

@ErikinPA: Yeah, I thought about that. It can get murky. Like, “If any of the light escapes from my store, and you use it, it is theft.” Or, “just because the water founding in my building doesn’t have a padlock on it, that doesn’t mean you are free to use it. That is theft!”

I’m also going to agree with the whole “If you really don’t want people using your network, password protect it” camp. For example, one hotel I stay in has WiFi, but they will only give you a password if you’ve paid for a room. That seems fair enough. Oh, I hear the outcry coming from businesses that don’t want non-customers using their WiFi, but don’t want to pay for any additional work to secure their access points. Sorry, you can’t have it both ways.

Did the guy overdo it? Sure. Does the coffee-shop owner have the right to ask him to stop using the access point? I think he does. At that point, the police should have told him to knock it off, everybody goes home and that’s the end of it. The ridiculous thing here is that the coffee shop owner didn’t even complain. It sounds to me like the police were pissed off that they didn’t catch their stalker, so they were just looking for something to charge Peterson with, and even better that it was a felony.

“We came back and we looked up the laws and we figured if we found one and thought, ‘Well, let’s run it by the prosecutor’s office and see what they want to do,'” Milanowski said.

If that doesn’t sound like angry law-enforcement searching for any breakable law to charge somebody with, I don’t know what does.

To me, this seems like one of those areas where rules and regulations are 20 years behind the technology, and it doesn’t look like anyone is interested in trying to come up with a solution to this, so when something happens involving an open WiFi connection, police and prosecutors dust off the 30-year-old “Big-Book-O-Laws” and see what they can find that’s remotely applicable, no matter how badly outdated the law is. I’m pretty sure the 1979 law didn’t apply to open WiFi access points, even if it was amended in 2000. But hopping on to a WiFi access point doesn’t seem to me to have much in common with breaking into a corporate network to steal business records.

I mean, come on, the guy was checking his e-mail for posts from his bagpipe group, not stealing credit-card numbers or downloading kiddie-porn. At best, unless authorities could prove he was doing something malicious or involved in illegal activity, it seems like a petty crime at best, if you could even prove there was a crime committed.

@ErikinPA: @mantari: This is different, though, isn’t it? To me, the correct analogy (or better analogy) would be a terrestrial radio broadcast, or a sports event. If you broadcast a radio show, you cannot reasonably tell me I can’t listen to it even though my radio picks it up. Likewise, if I can see into a stadium from my living room window (or from a public place), you cannot keep me from peering in to watch the game. I just don’t see how one establishes property rights in a broadcast stream (content, however, is a different story — e.g., satellite broadcasts). Or maybe it’s that you could not establish such rights without a showing that you took precautions to protect those rights, whether by using a password, scrambling a signal, or building a wall around your ballpark.

In any event, this is not a straightforward issue. And I’m surprised Michigan had concerns about computer network fraud dating back to 1979.

@nequam: The FCC actually addressed this issue back in 1986. Until that point, it was perfectly legal to listen in to analog cellular phones using a scanner. The FCC passed the Electronic Communications Protection act of 1986, making it illegal to listen to cellular phones or other supposedly private communications that were not intended for the general public. It was also ridiculously unenforceable.

The unwritten dividing line seemed to be whether or not the signal was encrypted, since it was pretty much a joke to think that you could enforce a law that just told people “don’t do that.” If somebody obviously went out of their way to incercept and decode scrambled transmissions, then it crossed the line…although the FCC hardly had the manpower to actively enforce it.

In the case of WiFi, however, if it’s not encrypted and the connection is left open, it’s unreasonable to expect people not to “listen.” A good number of laptops that have XP are defaulted to look for any available WiFi access point. I wonder how many people would be charged with a crime because their computer connected to an access point without them even knowing about it?

Always strip away the confusing digital aspects to see if it’s really a crime:

Guy is kicking it in his car. Hair dresser (sorry, stylist!) gets s-s-s-c-a-r-e-d. Calls the cops. Cops witness, say, the guy sipping from an unattended water hose of a cafe. SWAT is called, TASERs ensue, guy is carted off.

In both this analogy and the real case, someone is using something that belongs to someone else, albiet a good that has a marginal cost of nearly zero, hence the owner’s unlikely to attach a value to it. In fact, in this case, the owner gives it away free. The cafe owner, when asked by reporters later, said he wished police would have checked with him, indicating that he wouldn’t have pressed charges for the technically accurate yet trivial “theft”.

(At this point, reasonable enforcement would be for the police to check w/ cafe owner, asking, “Press charges for water-sipper?”)

Instead, they throw the book at him using inappropriate charges. Absurd waste of policing resources. I guess all the rapists, robbers and murders have been caught in Michigan. Good to know. (/snark)

On the bright side, there’s one less bag-piper walking the streets. So… Victory?!

@trai_dep: Exactly. I like the water fountain analogy. The guy was using something that didn’t belong to him, yes, but was of little monetary value. That doesn’t make it right, but puts it into perspective. Stealing a pen from work or pocketing packets of ketchup from the local fast-food place is technically breaking the law too, but come on, how many felony pen-stealing cases have you ever heard of?

The cops could have let the whole thing go, but they were pissed off that Peterson wasn’t their stalker. The owner of the “stolen” WiFi service didn’t even press charges. How can you prosecute somebody for theft when the owner of the stolen property isn’t even pressing charges? It was the cops and/or prosecutor that kept the legal action going, not the coffee-shop owner.

So even if the streets are free of another bag-piper, the ends doesn’t justify the means. Maybe if he were a mime it would have, but this seems more like a blatant case of overzealous law-enforcement run afoul than anything else.

The guy in Michigan actually had a decent argument that he hadn’t committed a crime, as was detailed at length in this post at the Volokh Conspiracy. He just chose to settle to make the case go away, when at the end of the day he probably did nothing wrong, even under Michigan’s silly laws.

Whether you want to be the guy that stands up to the boneheaded prosecutor and actually makes the arguments (risking a judge going against you, and having to pay for your lawyer) is an entirely different question. But the issue is the prosecutor, not the laws of Michigan.

Was the guy in the wrong for accessing the network- everybody seems to think so, but I’m not so sure. The cafe setup free wifi as a benefit to its customers. He choose to not encrypt it or have it locked out with a special password page or something. Therefore, the cafe owner decided by default that anybody within range can use it for free. The owner might “prefer” only customers use the free wifi, but by leaving it totally open, they are saying “it doesn’t matter enough to restrict it”.

How about if the guy got something from the cafe and then went to his car to use the internet, would that be acceptable? Or should the internet only be good for inside the restaurant? I think it is more of a moral question than legal one.

How about the free public hotspots? Obviously they are free and open by their very purpose. How is one to tell what the difference is between a free hotspot and someone leaving their wifi open- I could just tell my computer to access the first available network. I was waiting for my car to be fixed recently and the waiting room had free wifi, so I opened up my pc and told it to look for available networks. When it did, it found about 4 connections with nearby strength (3 open, 1 with WEP). How was I supposed to know the one “intended” for free wifi? I just clicked on the open one with the strongest signal and got on.

@dwayne_dibbly: The FCC passed nothing. Congress passed this silly uninformed law and it was the FCC’s job to enforce it just like it is the IRS’s job to enforce the various silly and uninformed tax laws.

When I lived in North Carolina, there was a story of a sheriff using a cell phone to contact headquarters rather than his police radio because he thought it was more secure. At least that was what the cell company told him until someone wised him up.

It is not a matter of someone just using a “signal” They were using the internet access as well which is something the cafe pays for to make it an more enjoyable experience for “customers”. Sine he wasn’t a “customer” he didn’t get the right to use the network.

@ncboxer:
If someone chose to leave their car doors unlocked and the keys in the ignition, would it not be a crime to jump in the car and drive it for a few blocks? It is the same here. Just because it is “open” doesn’t mean people have the rights to go and use it whenever they please. If you don’t own it, you don’t have the right to make that decision, how about asking someone instead?

In the state of Florida, this is known as Computer Trespass. I know of one person locally who had already got arrested for doing it outside someone else’s house.

As stated in the article, the owner of the cafe had no issues with the guy using it, he could have came inside and bought nothing and used it if he asked. Also to note, the police make a major mistake of not asking the owner if they wanted to press charges, they went ahead and did it anyway.

Also, to point out, the barbershop owner was in the right to call the police as it was an overall decision to protect people from a possible sex offender.

This is stupid. Just stupid. As a student gearing up for a sysadmin job, I have to agree with the “should’ve locked down” camp — IANAL, but even if the coffee shop owner put something as primitive as WEP on it, then legally, he would have been putting up the figurative “No Trespassing” sign — saying you need permission to use the network. However, since he did not, the access point was broadcasting its name stating clearly by the 802.11 protocol standards that it was open to use by any computer within range. Thus, it was presented as for general public access even if it was not.

A good analogy here would be a group of computers at a kiosk in the mall. If the computer has a login screen up, you know that you have to get permission from someone to use the computers, and by all probability they may even be only for employee use. If, however, they’re sitting at the desktop, then you’re safe to assume that the mall put them there for anyone passing by to hop on and get their Internet fix. Really, it’s the same thing.

I would also like to add that no, it is NOT like leaving your car unlocked and the keys in the ignition. The very PURPOSE of SSID broadcasting is for computers that don’t otherwise know about the network to find out about it, and coupled with no encryption that, to the best of my knowledge, constitutes a BLATANT declaration of permission granted to the public to use. Your car doesn’t have a sign on it that says “Hop in, give me a spin!” But the access point is saying just that to any computer that happens to pick up on its signal.

You click on the name of the network. Your computer sends a request to the network that says “Can I have an IP address to use the internet?” If there is a password, a little box pops up and says “Not without a password, motherfucker.” If there is no password, then it says “Yes, here is a long IP address number that you can use.”

Seems to me like he asked permission when he clicked on the network. We know he got permission because if he didn’t have permission from the network, he wouldn’t be able to get on it.

Judges and prosecutors are so ignorant about computer technology that they shouldn’t be allowed to opine on it without extensive training.

“Also, to point out, the barbershop owner was in the right to call the police as it was an overall decision to protect people from a possible sex offender.”

Um. No. A technophobic barber calling the cops in this guy is not a decision to protect people from anything. In order to know if someone is a potential criminal you have to have training.

This is like saying a racist was justified in calling the cops on an arab man sightseeing in washington, because it was an overall decision to protect people from a possible terrorist. No no no no no. Not in a free or rational country.

Ok, next time I see someone walk into a store with a gun I will remember I do not have the training to do anything about and ignore him as he shoots several people. That is the same type of logic you are using. A person sitting in their car at the same area day after day is suspicious enough behavior to call the police.

Also, yes you are wrong. The router broadcasts the SSID for easy connectivity for the customers of said cafe. When your computer detects the network, it will not automatically connect until you tell it to, which you did not ask permission to do so. A router will lease an IP address to the computer when it is requested if there is no password or the right password was entered.

Your logic would not fly in a court of law. It would be like saying, I took your car keys and started your car and drove off. Since, you didn’t have a security system or biometrics of any sort, that it is ok since the car did not object. I bet you would object, same is for many people in the form of their wireless networks. You can not use an automated system as a type of formal permission.

@ShadowFalls: I disagree. If you set up what appears to be a public computer in a public place and fail to put up as much as a sign that says “don’t use this computer”, even if you didn’t intend the computer for public use, a person that happens to sit down and toy with it is certainly not at fault. The access point, by all standards and protocols, is presenting itself to every computer in range as an open access point ready, willing, and authorized to provide Internet access to every Wi-Fi equipped computer in range. To say that you “don’t know how” to put up the proverbial no unauthorized use sign (by enabling some kind of security measure or at least disabling SSID broadcasting, in which case your customers would get your SSID from the counter and ask for it by name) is probably understandable, but by no means does it mean that someone that falls into the unintenioned legal trap of using your seemingly-intentional access point is committing a crime, or owes you, or society, anything.

To use a car, you must move it, and that deprives the rightful owner of its usefulness, philosophically if not legally constituting theft. To use a computer you merely have to have a seat and get to web surfing — the rightful owner can drop by and take over at any time. For WiFi it’s even better, by using it you’re not depriving anyone of anything significant since everyone on the network gets their fair share of bandwidth. (Perhaps if you were, say, running BitTorrent on their Wi-Fi I could see an argument for theft of service, but otherwise you’re not using anything that was just being wasted anyway.) Stealing a car that happens to have the keys in the ignition, and taking bandwidth from an access point specifically configured to give it away, even if that’s an erroneous default configuration, are two very different things. And if he deliberately set it up that way he SHOULD HAVE understood what he was getting into — that he’s explicitly letting anyone that passes by use his bandwidth.

Of course, if you have a degree in law with which you can prove me wrong on this, I’d love to see the statutes that define theft of a service.

I’d like to add that Microsoft agrees with me on the matter, as Windows XP will automatically connect to the nearest open access point without user input, whether it “has permission” or not, unless you disable that feature explicitly.

I also just spotted your “automated system” argument. A car is not an automated system, it requires user interaction to do anything. Wi-Fi is, and the system itself must provide formal permission because there is no other entity which can in the case that you are seeking permission to access a certain access point. If I need to get on the Internet, I’m not going to get a second and third Wi-Fi card and do triangulation in an attempt to find its owner, who more often than not won’t be home, so I can’t ask permission anyway.

People have to realize that Wi-Fi is DESIGNED to give formal permission when authorized. I actually place most of the blame on manufacturers of Wi-Fi access points and routers who will default to an open, broadcsting, sharing configuration, which will “just work” in the eyes of the uneducated user who doesn’t realize that Linksys/Belkin/etc just handed lent their Internet connection to the world. Of course, as Consumerist readers we know that there probably isn’t much we can do about it so all we can hope to do is educate consumers.

i think it’s even more basic than whether or not an unprotected network is “public” by default.

the fact that it’s in a coffee shop, and is designed to be freely accessed without payment means that there is no functional difference between sitting in the shop, and sitting just outside the shop. the issue is probably that he wasn’t buying any coffee.

so, yes, the charge they are looking for is “loitering.” unless they charge for the use of their internet service.

Microsoft does what it is easier for the user as it assumes you are following the law and are connecting with permission to do so.

The fact remains, just because someone leaves their Wifi connection open, where some do not intentionally from ignorance, doesn’t mean it gives you the legal right to use it. If I left my front door open, it does not give you to right to go into my house, that would be trespassing, the same would apply here.

It is pretty obvious that this guy knew that the purpose of the “free” WiFi was to induce the purchase of coffee. 1. You buy coffee. 2. Use our WiFi. He was simply avoiding his obiligation to patronize the coffee shop by sitting outside in his car EVERY day for over a week. He should be held accountable.

So whats next? charging little kids with felonys too? The Nintendo DS browser is a few days from launching and already connects to some games. I am SURE that the local neighborhood kids are going to check to legality of every spot around town they can pick up.

As for this case password protect it or expect to have other people using it not in the store. Most wifi’s in my area only have a single name when they pop up on their laptop like “Router1322″ or “Mcdonalds1″ etc and unless the little password pops up there is no indication whether they are for free public use or not. Not to mention the vast majority of the public has no idea that they are doing anything illegal in the first place because many places broadcast intending the public to use for free. This guy should have got a simple loitering charge and NOTHING ELSE.

Car theft is the wrong analogy. The one that’s better is convicting a guy with a felony for sipping from a water fountain that’s unattended on the outside of some other guy’s coffee house. Who’s shocked/dismayed that the police even bothered (which is the case here). End of story. :D

Wait, people seem to be missing some facts here. It was a Cafe with an open “wifi” signal. The Cafe never called the cops, never filed charges, shit, as far as I can tell hasn’t even commented on this case. If they didn’t care (as I assume from the silence) why is this guy being charged by the DA? While I agree we are overly “sue happy” it really seems like this dude’s lawyer should be filing for a dismissal, not telling his client to plead no contest. Dipshit lawyer.

I have to agree with everyone saying that unsecured wifi equals public wifi. Should he ethically have gone in to the cafe every once in a while and bought a Latte? I would say yes, but ethical behavior does not equal legal responsibilities.

Did the cafe file charges? Were they called as witnesses to explain that the guy did or did not ‘steal’ web access? If my friend parks in front of my house and uses my access by permission is that also a crime?

Holy crap – I have that exact same wifi antenna, and I used to own a copy of that book. It’s Build Your Own Laser, Phaser, Ion Ray Gun, and Other Working Space-Age Projects by Robert Iannini. The guy may use sensantional names for his gadgets and totally over-engineer them (does a laser pointer really need a touch-sensitive switch rather than a mechanical on-off switch?) but his designs are good.

…..Both of the Windows XP laptops I’ve bought came with the wireless already set to to “automatically connect to non-preferred networks.” If you boot one of these things up, you might notice the little yellow bubble that says “wireless network is now connected.” Then again, you might not, if you’re trying to see your laptop screen in the daytime…

…..This is an area where the discriminating end user has to tweak some settings, like turning off the non-preferred auto connect, and disabling ad-hoc connections. Further more, you probably should go to Microsoft.com and search for the “wireless client update,” install it, and tweak it up so that your laptop is not constantly broadcasting your preferred network names.

…..In my opinion, this prosecution is a waste of the taxpayers’ money. I’ll bet there are unsolved murders, robberies, and even unpaid parking fines that the cops and prosecutors ought to be working on. This sort of thing is why people think that cops are assholes!

…..To split a few more hairs, using someone’s wi-fi isn’t the same as listening to a broadcast signal. Your machine is also transmitting requests to the access point, which is different than just intercepting forbidden signals. Both are technically illegal, but with wi-fi, you’re interacting with someone else’s hardware.